Introduction to Ethical Hacking

 

What are the Objectives of Ethical Hacking?

If hacking per se today is bent on stealing valuable information, ethical hacking on the other hand is used to identify possible weak points in your computer system or network and making them secure before the bad guys (the black hat hackers) use them against you. It’s the objective of white hat hackers or ethical hackers to do security checks and keep everything secure.

That is also the reason why some professional white hat hackers are called penetration testing specialists. One rule of thumb to help distinguish penetration testing versus malicious hacking is that white hat hackers have the permission of the system’s owner to try and break their security.

In the process, if the penetration testing is successful, the owner of the system will end up with a more secure computer system or network system. After all the penetration testing is completed, the ethical hacker, the one who’s doing the legal hacking, will recommend security solutions and may even help implement them.

It is the goal of ethical hackers to hack into a system (the one where they were permitted and hired to hack, specifically by the system’s owner) but they should do so in a non-destructive way. This means that even though they did hack into the system, they should not tamper with the system’s operations.

Part of their goal is to discover as much vulnerability as they can. They should also be able to enumerate them and report back to the owner of the system that they hacked. It is also their job to prove each piece of vulnerability they discover. This may entail a demonstration or any other kind of evidence that they can present.

Ethical hackers often report to the owner of the system or at least to the part of a company’s management that is responsible for system security.  They work hand in hand with the company to keep the integrity of their computer systems and data. Their final goal is to have the results of their efforts implemented and make the system better secured.

As part of ethical hacking, you should also know the actual dangers and vulnerabilities that your computer systems and networks face. Next time you connect your computer to the internet or host a WiFi connection for your friends, you ought to know that you are also opening a gateway (or gateways) for other people to break in.

Network Infrastructure Attacks

Network infrastructure attacks refer to hacks that break into local networks as well as on the Internet.

A lot of networks can be accessed via the internet, which is why there are plenty out there that can be broken into. One way to hack into a network is to connect a modem to a local network. The modem should be connected to a computer that is behind the network’s firewall.

Another method of breaking into a network is via NetBIOS, TCP/IP, and other transport mechanisms within a network. Some tricks include creating a denial of service by flooding the network with a huge load of requests.

Network analyzers capture data packets that travel across a network. The information they capture is then analyzed and the information in them is revealed. Another example of a fairly common network infrastructure hack is when people piggyback on WiFi networks that aren’t secured. You may have heard of stories of some people who walk around the neighborhood with their laptops, tablets, or smartphones looking for an open WiFi signal coming from one of their neighbors. 

Non-Technical Attacks

Non-technical attacks basically involve manipulating people into divulging their passwords, willingly or not. The term social engineering comes to mind and it is the tool used in these kinds of attacks. An example of this is by duping (or even bribing) a coworker to divulge passwords and usernames. We’ll look into social engineering a little later on.

Another form of non-technical attack is simply walking into another person’s room where the computer is, booting the computer, and then gathering all the information that you need – yes it may sound like Tom Cruise and his mission impossible team, but in reality these non-technical attacks are a serious part of hacking tactics. 

Attacks on an Operating System

Operating system attacks are one of the more frequent hacks performed per quota. Well, it’s simply a numbers game. There are many computers out there and a lot of them don’t even have ample protection. There are a lot of loopholes in many operating systems – even the newest ones around still have a few bugs that can be exploited.

One of the avenues for operating system attacks is password hacking or hacking into encryption mechanisms. Some hackers are just obsessed with hacking other people’s passwords just for the sheer thrill of it.

Attacks on Applications

Apps, especially the ones online and the ones that deal with connectivity, get a lot of attacks.

Examples of which include web applications and email server software applications. Some of the attacks include spam mail (remember the Love Bug or ILOVEYOU virus back in 2000?). Spam mail can carry pretty much anything that can hack into your computer system. 

Malware or malicious software is also another tool in the hands of a hacker when they try to attack pretty much everything, especially apps. These software programs include Trojan horses, worms, viruses, and spyware. A lot of these programs can gain entry into your computer system online. Another set of applications that get attacked frequently are SMTP applications (Simple Mail Transfer Protocols) and HTTP applications (Hypertext Transfer Protocols). Most of these applications are usually allowed to get by firewalls by the computer users themselves. They are allowed access simply because they are needed by the users or a company for its business operations. 

Compromising Physical Security Flaws

Physical security is actually a vital part of information security. Hackers can eventually find access to one of your computers. They can’t get past your company’s firewall but they can install a hardware or software within your network inside your firewall by simply walking in the door and connecting a device into one of your employee’s computers.

Smaller companies that have few employees will have very little to worry about. These employees usually don’t allow a stranger to use their computers. Larger companies have a bigger problem – they have more employees, more computer hardware, and plenty of other access points that hackers can use.

Hackers may not always want to just install a piece of hardware and have a point of entry from the inside. They may just need to access a computer, steal some important documents, or grab anything that seems to contain some vital information. They will usually have an alibi when asked. They will try to enter a building through any door including outside smoking areas where employees go to, cafeteria doors, fire escapes, or any entry point that is available. They may even just tailgate employees reentering a building and all they need to say to get in is “thank you for keeping the door open.”